Tagged Questions

Cross-Site Scripting: An attack method that involves injection of code or markup into a webpage. There are three major types of XSS: Reflected XSS, Stored XSS (aka persistent XSS), and DOM-based XSS (aka client-side XSS).

I'm about to graduate in "Computer Science", and I'm writing a thesis about JavaScript vulnerabilities. In particular, I'm analyzing the JS vulnerabilities that allow XSS attacks.
I would like to ...

I'm aware that there are various tools for testing for XSS vulnerabilities. However, all the ones that I'm aware of (Vega, possibly BeEF, etc.) operate purely client-side. When testing for stored XSS ...

I am trying to solve this exercise http://pentesteracademylab.appspot.com/lab/webapp/jfp/3.
The objective of this is to "Post the Username and Password to Attacker Controlled Server".
There is a URL ...

I'm trying to create a POC for responsible disclosure, but I'm having an issue...
When I use a textbox to submit my payload, it brings me to another page where the JavaScript executes and is present ...

I want to provide users with subdomains on my website.
Users will provide an IP address and the subdomain they want, and I will then use a DNS service to redirect to that IP through an A record or ...

I found reflected XSS on my website, and it's fixed now. There are a lot of websites which tell how an XSS can be detected or what can be compromised, but I could not find what measures should be taken ...

For a project at university I have done research about all kinds of security issues, especially privacy-related ones, that have come up on mobile OS and applications over the last few years.
One of ...

I need to provide evidence that CSRF or XSS is possible on a phone... using PhoneGap, a Webview, or specifically a "Chrome Tab" or iOS equivalent.
I believe in theory this is possible, and mitigation ...

I am currently developing a REST API with Java EE and MySQL; it will feed data to an Android app. The data comes from an AngularJS frontend.
So my questions are:
When do I escape the data? Before ...

Definition of XSS
If you search the web, there are many different ways to define a cross site scripting attack. Simply put, XSS vulnerabilities occur when a malicious attacker is permitted to inject ...

Before I begin, I say 'illegal' because I guess the law is somewhat sketchy around the topic and that topic is XSS research. Apparently people have been taken to court over it and UK law does have a ...

Assuming that users are using modern browsers, is implementing a strict CSP policy enough to prevent all XSS attacks?
I'm working on a Backbone app, and am wondering if I still need to escape user ...